CVE-2021-36307

Vulnerability

Dell Networking OS10 versions before October 2021 with the RESTCONF API enabled contain a privilege escalation vulnerability (CVE-2021-36307). The vulnerability exists in the RESTCONF API service, which is enabled by default in affected configurations. A low-privileged authenticated user with specific API access can exploit the flaw to gain administrative privileges. No specific component or code path is disclosed in the available references [1].

Exploitation

An attacker must have low-privileged authenticated access to the RESTCONF API (network-adjacent or remote, per the CVSS vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). No user interaction is required. The exact sequence of steps is not publicly detailed, but the vulnerability can be triggered with network access to the API endpoint [1].

Impact

Successful exploitation allows the attacker to escalate from a low-privileged user to an administrator on the affected OS10 system. This can lead to full compromise of confidentiality, integrity, and availability (CIA) of the device, including the ability to execute arbitrary commands, modify configuration, and access sensitive data [1].

Mitigation

Dell released a security update in October 2021 as part of the DSA-2021-189 advisory. Customers should upgrade OS10 to the October 2021 or later firmware versions [1]. No workarounds are documented; disabling RESTCONF API may reduce exposure but is not confirmed as an effective mitigation. The vulnerability is not listed in CISA's KEV as of the publication date.